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CLAIMS 

1 . A packet transmission control system for managing traffic between at least two data 
networks, each of said networks comprising a plurality of host computers, 
communication lines and transmitted data packets, said system comprising: 

at least one firewall, said firewall comprising: 

hardware and software providing a non-redundant connection between 
said networks and serving to control packet transmission 
between said networks; 

means for classifying data packets received at said firewall related to the 
consumption of at least one resource; 

means for associating a maximum acceptable transmission rate with each class 
of data packet received at said firewall; 

means for limiting the transmission rate from the firewall to the maximum 
acceptable transmission rate for each class of data packet; and 

whereby, packet flooding and other over usage type distributed denial of 
service attacks cannot be effectively launched through said non- 
redundant connection. 

2. A packet transmission control system, as described in Claim 1 wherein the means for 
classifying data packets received at the firewall further comprises: 

identifying data packets as either of originating from locations within one of 
* said networks for transmission to another of said networks and 
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forwarded by locations within one of said networks for transmission to 
another of said networks; and 
whereby, said firewall will limit the transmission rate for data packets of each 
class from locations within one of said networks to provide 
proportionally fair forwarding service to other locations within said 
network that communicates through said non-redundant connection. 



A packet transmission control system, as described in Claim 1 wherein the means for 
classifying data packets received aWhe firewall further comprises: 

identifying data packets as either of data packets sent from one of said 

networks in response to identified data packets received from another of 
said networks and data packets not sent in response to said identified 
data packets; and 

whereby, said firewall will limit the transmission rate for data packets 

transmitted from locations within one of said networks to another of 
said networks that are not sent in response to identified data packets 
received at the firewall from said other network. 

A packet transmission control system, as described in Claim 1 wherein the means for 
classifying data packets received at the firewall further comprises: 

identifying data packets as requests for services of at least one type requiring 
• transmission of data packets from locations within one of said networks 
to another of said networks; 
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means for said firewall to measure the amount of service requested by each 
packet; and 

whereby, said firewall will limit the transmission rate for data packets that are 
requests for services based upon the amount of service requested by 
those packets in order to limit the rate of usage of each type of service. 

5. A packet transmission control system, as described in Claim 1 wherein the means for 
classifying data packets received at the firewall further comprises: 

identifying data packets as responses to earlier service requests of at least one 

type from a location within one of said networks requiring transmission 

of data packets to another of said networks; 
means for said firewall to measure the amount of service consumed in order to 

send each identified response data packet; and 
whereby, said firewall will limit the transmission rate for data packets that are 

requests for services of each type based upon the amount of service 

delivered in response to previous requests. 

6. A packet transmission control system, as described in Claim 1, further comprising: 

means for storing and recalling past measurements of amounts of service 

provided for each type of service; and 
whereby, said firewall will limit the transmission rate for data packets that are 

requests for each type of service to limit usage of each service over 

extended periods of time. 
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